Would it violate the Posse Comitatus Act to give DOD a bigger role in cybersecurity? In episode 146, Michael Vatis and I call BS on the idea, which I ascribe to Trump Derangement Syndrome and Michael more charitably ascribes to a DOD-DHS turf fight.
Should the FDA allow hospitals to implant defibrillators with known security flaws in unknowing patients? I argue that that’s the question raised by the latest security flaw announcement from the FDA, DHS, and St. Jude Medical (now Abbot Labs).
Repealing the FCC’s internet privacy regulations is well within Congress’s power if it acts soon, says Stephanie Roy, who stresses how rare it is for Republicans to hold the presidency and both houses of Congress. (And who says President Obama didn’t leave a legacy?)
The European Commission isn’t done complaining about US security programs, Maury Shenk tells us. Vera Jourova wants to know more about the US request that Yahoo! screen for certain identifiers and hand over what it finds. That’s apparently too useful for finding terrorists to satisfy delicate European sensibilities. Speaking of which, Angela Merkel is in the bulls-eye for Russian doxing. And to hear Maury tell it, Russia has probably been collecting raw material for years.
Should we start treating Best Buy computer support as though its geeks work for the FBI? And would that be a defense if they find bad stuff on our computers without a warrant? Michael thinks it’s more complicated than that.
Speaking of overhyped stories, Michael and I unpack the claim that President Obama’s team is handing out access to raw NSA product with unseemly haste and enthusiasm. In fact, this proposal has been kicking around the interagency for years, and the access is heavily circumscribed. As for the haste, it could be the outgoing team is afraid its proposal will be unduly delayed by the new guys – or that all its circumscribing will be second-guessed. You make the call!
And for something truly new, we offer “call-in corrections,” as Nebraska law professor Gus Hurwitz tells us about the one time the FTC discussed the NIST Cyber Security Framework. It’s safe to say that this correction won’t leave the FTC any happier than my original charge that the agency can’t get past “Hey! I was here first!”
As always, the Cyberlaw Podcast welcomes feedback. Send an email to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785.